
I am invoking a POST request (say request A) from my browser, and I'm trying to do the following at my backend while redirecting the request:

1) Clear a cookie value

2) Set the 307 header value and

3) Add a Location header with the redirect URL (say request B) value.

(2) and (3) work fine.

(1) is not working as expected. When request B is invoked, the cookie value is not cleared; it reuses the value in request A. Can someone provide me some insight on this?

1 Answer


Make sure you have appropriate Set-Cookie headers in the response of A. Some web application frameworks cannot add those headers in the usual way when redirecting.

I've tested that Chrome and Edge (40.15063) handle Set-Cookie as expected (and thus clear cookies) in 307 redirects by using this simple CGI:

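```sh
#!/bin/sh

echo "Status: 307 Temporary Redirect"
echo "Content-Type: text/html"
# Expire the cookie. The trailing \n keeps Location on its own header line.
printf 'Set-Cookie: Your-Cookie=; path=/; domain=Your-Domain; expires=%s\n' "$(date --rfc-2822 --utc --date='1 day ago')"
echo "Location: Your-B-url"
# A blank line ends the CGI header block.
echo
```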
criticabug
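A way to check the response of A for the header the answer describes, as an added example that is not part of the original answer: it parses the raw response headers (for instance copied from the browser's network tab) and reports why the cookie would survive the redirect. A browser only removes a stored cookie when the expiring Set-Cookie has the same name, Path and Domain, so the check compares those as well; the function names, the cookie name `session` and the domain `example.test` are assumptions made for the example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(value):
    # "name=value; Attr=x; Flag" -> (name, {lowercased attribute: value})
    first, *rest = [p.strip() for p in value.split(";")]
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in rest)}
    return first.partition("=")[0].strip(), attrs

def is_expired(attrs, now):
    # Max-Age takes precedence over Expires when both are present (RFC 6265).
    try:
        if "max-age" in attrs:
            return int(attrs["max-age"]) <= 0
        when = parsedate_to_datetime(attrs.get("expires", ""))
    except (TypeError, ValueError):
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when < now

def check_redirect_clears(raw, name, path="/", domain=None, now=None):
    # Returns a list of problems; an empty list means response A deletes the cookie.
    now = now or datetime.now(timezone.utc)
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    headers = [(k.strip().lower(), v.strip())
               for k, sep, v in (h.partition(":") for h in head[1:]) if sep]
    problems = []
    if head[0].split()[1:2] != ["307"]:
        problems.append("status is not 307")
    if not any(k == "location" for k, _ in headers):
        problems.append("no Location header")
    named = [a for n, a in (parse_set_cookie(v) for k, v in headers if k == "set-cookie")
             if n == name]
    if not named:
        return problems + ["no Set-Cookie for " + name]
    for attrs in named:
        same_domain = domain is None or attrs.get("domain", "").lstrip(".").lower() == domain.lower()
        if attrs.get("path") == path and same_domain and is_expired(attrs, now):
            return problems
    return problems + ["Set-Cookie for " + name + " is not expired or has another Path/Domain"]

# Constructed sample of response A (not captured from a real server).
SAMPLE = ("HTTP/1.1 307 Temporary Redirect\r\n"
          "Set-Cookie: session=; Path=/; Domain=example.test; Expires=Thu, 01 Jan 1970 00:00:00 GMT\r\n"
          "Location: /b\r\n\r\n")

if __name__ == "__main__":
    print(check_redirect_clears(SAMPLE, "session", domain="example.test") or "cookie will be cleared")
```

Pass the Path and Domain the cookie was originally set with; a mismatch there leaves the old cookie in place even though a Set-Cookie header was sent.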